A secure modification to Hsiang-Shih's scheme
Transcript

International Journal of Advanced Research in Engineering and Technology (IJARET), ISSN 0976 – 6480 (Print), ISSN 0976 – 6499 (Online), Volume 4, Issue 3, April 2013, pp. 77-84, © IAEME: www.iaeme.com/ijaret.asp
Journal Impact Factor (2013): 5.8376 (Calculated by GISI), www.jifactor.com

A SECURE MODIFICATION TO HSIANG-SHIH'S SCHEME

Mohd Zainulabedin Hasan
Department of Computer Science, Asifia College of Engineering and Technology, Chintulla (V), Yacharam (M), R.R Dist.

Mohd Ubaidullah Shareef
Department of Computer Science, Asifia College of Engineering and Technology, Chintulla (V), Yacharam (M), R.R Dist.

ABSTRACT

Hsiang and Shih proposed a remote user authentication scheme using smart cards and claimed that it is guarded against parallel session attacks and password guessing attacks. In this paper, we show that Hsiang and Shih's scheme is still vulnerable to off-line password guessing attacks and undetectable on-line password guessing attacks. The scenario is the same as in Hsiang and Shih's scheme, in which the user loses the smart card. This proposal is a secure modification that overcomes the security flaws in Hsiang and Shih's remote user authentication scheme using smart cards.

Keywords: Smart Card, Cryptanalysis, Authentication, Security

I. INTRODUCTION

With the rapid spread of communication network technology, it is extremely important to pay close attention to emerging security concerns. As such, password-based authentication has become one of the most practically applied techniques across various applications in wireless environments and other remote authentication systems. In 1981, Lamport [13] proposed the first password-based remote authentication scheme for identifying a legal user using a hash-chain technique over an insecure communication channel. In that scheme, all secret passwords are stored in a verifier's table that is maintained by the remote server; in a situation such as this, there exists a potential threat that all maintained records might be modified by attackers. To solve these problems, numerous research efforts [1-10, 12, 14-19] have been undertaken in recent years.
In 1990, Hwang et al. [10] proposed a non-interactive password authentication scheme without password tables using smart cards. Follow-up research [1, 2, 8, 11, 13, 16, 17] has also been proposed. These schemes were susceptible to ID-theft attacks: an attacker could impersonate a legal user using an eavesdropped user identity. Yoon et al. [20], in 2004, proposed an efficient password-based remote user authentication scheme using smart cards that has significant advantages; most notably, the remote server does not need to maintain a verifier's table. However, in 2009, Hsiang and Shih [6] pointed out that Yoon et al.'s scheme still exhibited several weaknesses. For example, it is susceptible to parallel session attacks, masquerade attacks and password guessing attacks. Nevertheless, according to my cryptanalysis, Hsiang and Shih's scheme is still notably weak against off-line password guessing attacks and undetectable on-line guessing attacks. Moreover, the smart-card-based schemes suffered in contexts involving a lost smart card. In fact, some research [11, 15] shows that the parameters stored in a smart card can be revealed. Therefore, I propose an improved scheme to overcome all of the security weaknesses mentioned above.

The rest of this paper is organized as follows. Section 2 provides a brief review of the weakness of Yeh et al.'s schemes. Section 3 provides details of the proposed scheme. Section 4 provides a security analysis of my scheme. Section 5 shows a security and performance comparison with related research. We provide conclusions in the last section.

II. REVIEW OF HSIANG AND SHIH'S SCHEME

In this section, we briefly describe Hsiang and Shih's scheme [6], which consists of four phases: the registration phase, the login phase, the authentication phase, and the password change phase. The notation of this paper is listed as follows:

U : the user
S : the remote server
Tu, Ts : the timestamps
ID : the user's identity
PWD : the user's password
x : the secret key of the remote server
b : random number
Nu, Ns : nonces
h(·) : a one-way hash function
⊕ : bitwise exclusive-OR operation
|| : concatenation operation
X =? Y : determine whether X is equal to Y

A. Registration phase

In this phase, U initially registers, or re-registers, to S. The steps are described as follows:

Step 1: U selects a random number b and computes h(b ⊕ PWD). He or she then securely sends ID, h(PWD) and h(b ⊕ PWD) to S.

Step 2: S creates a new entry with a value m = 0 for U in the database, or sets m = m + 1 in the existing entry. Here, m denotes the number of times each user U has re-registered to S. Next, S computes EID, P, R and V:

EID = (ID || m) (1)
P = h(EID ⊕ x) (2)
R = P ⊕ h(b ⊕ PWD) (3)
V = h(P ⊕ h(PWD)) (4)

Then, S securely issues a smart card containing V, R, h(·) to U.

Step 3: Finally, U enters the random number b into his or her smart card.

B. Login phase

When U wants to log in to S, the following steps are performed:

Step 1: U inserts his or her smart card into the card reader and then enters the ID and PWD.

Step 2: U's smart card computes C1 and C2:

C1 = R ⊕ h(b ⊕ PWD) (5)
C2 = h(C1 ⊕ Tu) (6)

and sends the authentication request messages (ID, Tu, C2) to S.

C. Authentication phase

Upon receiving the request messages (ID, Tu, C2), the remote server S and the smart card perform the following steps:

Step 1: S first checks the validity of h(ID) and Ts > Tu. If it does not hold, S rejects U's login request; otherwise, S computes h(h(EID ⊕ x) ⊕ Tu) and compares it with C2:

h(h(EID ⊕ x) ⊕ Tu) =? C2 (7)

If Eq. (7) holds, S accepts U's login request and computes C3:

C3 = h(h(EID ⊕ x) ⊕ h(Ts)) (8)

otherwise, S rejects it. S then sends the response messages (Ts, C3) to U.

Step 2: According to the received messages (Ts, C3), U's smart card checks the validity of Ts > Tu. If it does not hold, U terminates the session; otherwise, U computes h(C1 ⊕ h(Ts)) and compares it with C3:

h(C1 ⊕ h(Ts)) =? C3 (9)

If Eq. (9) holds, U successfully authenticates S.

D. Password change phase

In this phase, U intends to exchange his or her password PWD for a new one, PWDnew. The steps are described as follows:

Step 1: U inserts his or her smart card into the card reader, enters ID and PWD, and then requests a password change.

Step 2: U's smart card computes P* and V*, and compares V* with the stored V:

P* = R ⊕ h(b ⊕ h(PWD)) (10)
V* = h(P* ⊕ h(PWD)) (11)
V* =? V (12)

If Eq. (12) does not hold, the smart card rejects the request; otherwise, U inputs the new password PWDnew. Afterward, U's smart card computes Rnew and Vnew as follows:

Rnew = P* ⊕ h(b ⊕ h(PWDnew)) (13)
Vnew = h(P* ⊕ h(PWD)) (14)

and then replaces R and V with Rnew and Vnew, respectively.
III. WEAKNESS OF HSIANG AND SHIH'S SCHEME

Although Hsiang and Shih's scheme was an improved version of Yoon et al.'s scheme [20], several security weaknesses still exist. These susceptibilities include off-line password guessing attacks and undetectable on-line password guessing attacks. We describe these attacks as follows.

A. Off-line password guessing attacks

This involves a situation where a user's smart card was stolen by an attacker A, and where A uses the stolen smart card to extract the secret parameters b and R [11, 15]. A can then use the previously eavesdropped messages (ID, Tu, C2) or (Ts, C3) to obtain U's password PWD according to the following steps:

Step 1: First, the attacker A guesses a password PWDA and computes counterfeit messages CA1 or CA2 for comparison with the intercepted messages C2 or C3, as follows:

CA1 = h(R ⊕ (b ⊕ PWDA) ⊕ Tu) (15)
CA1 =? C2 (16)

or

CA2 = h(R ⊕ (b ⊕ PWDA) ⊕ h(Ts)) (17)
CA2 =? C3 (18)

If Eq. (16) or (18) holds, the attacker A has guessed the correct PWD; otherwise, A can retry Step 1 until Eq. (16) or (18) holds. Therefore, A can guess the correct PWD to change the user's password. Refer to the password change phase.

B. Undetectable on-line password guessing attacks

As in the previous subsection, an attacker A is able to extract the secret parameters b and R from the stolen smart card. As with the previously eavesdropped messages (ID, Tu, C2), A can guess U's password as follows:

Step 1: A guesses a possible password PWDA and computes a value CA1 following Eq. (15) with a timestamp TA. A then computes counterfeit messages (ID, TA, CA1) to send to the server S.

Step 2: After receiving the messages, S first checks the timestamp Ts > TA. S then computes h(h(EID ⊕ x) ⊕ TA) to compare with the received value CA1. If both of them are equal, then PWDA is U's correct password. Then, S accepts this login request and sends the messages (Ts, C3) to A.

Step 3: According to the received messages, A can recognize that the correct password has been guessed; otherwise, A retries the above attack procedure until obtaining the correct password.

IV. OUR IMPROVED SCHEME

In the context of Hsiang and Shih's remote user authentication scheme, the server's secret key is compromised by a malicious legal user. Therefore, we have designed a scheme with two unknown factors to protect each parameter in the smart card. Our remedied scheme consists of four phases: the registration phase, the login phase, the authentication phase, and the password change phase. We describe these phases in the following subsections.
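Why the card values b and R together with one eavesdropped login act as an off-line password verifier in the reviewed Hsiang-Shih scheme (Section III.A), as an added example that is not code from the paper. It follows Eqs. (1)-(7); SHA-256 as h(·), the zero-padded 32-byte encoding, and the sample ID, password and timestamp are assumptions constructed for illustration.

```python
import hashlib
import secrets

BLOCK = 32  # assumption: every protocol value is one 32-byte block (SHA-256 size)

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def blk(value) -> bytes:
    """Assumed encoding: str or int timestamp -> zero-padded 32-byte block."""
    raw = value.to_bytes(8, "big") if isinstance(value, int) else value.encode()
    if len(raw) > BLOCK:
        raise ValueError("value does not fit in one block")
    return raw.ljust(BLOCK, b"\0")

def xor(*parts: bytes) -> bytes:
    out = bytes(BLOCK)
    for part in parts:
        out = bytes(a ^ b for a, b in zip(out, part))
    return out

def register(x: bytes, user_id: str, m: int, pwd: str) -> dict:
    """Registration phase; returns what ends up stored on the card."""
    b = secrets.token_bytes(BLOCK)
    p = h(xor(blk(f"{user_id}{m}"), x))          # Eqs. (1)-(2): P = h(EID xor x)
    r = xor(p, h(xor(b, blk(pwd))))              # Eq. (3)
    v = h(xor(p, h(blk(pwd))))                   # Eq. (4)
    return {"b": b, "R": r, "V": v}

def login_c2(card: dict, pwd: str, tu: int) -> bytes:
    c1 = xor(card["R"], h(xor(card["b"], blk(pwd))))   # Eq. (5)
    return h(xor(c1, blk(tu)))                          # Eq. (6)

def server_accepts(x: bytes, user_id: str, m: int, tu: int, c2: bytes) -> bool:
    p = h(xor(blk(f"{user_id}{m}"), x))
    return h(xor(p, blk(tu))) == c2                     # Eq. (7)

def consistent_with_transcript(card: dict, tu: int, c2: bytes, candidate: str) -> bool:
    """Section III.A check: needs only b, R from the card and an observed (Tu, C2)."""
    return login_c2(card, candidate, tu) == c2

def matching_candidates(card: dict, tu: int, c2: bytes, candidates: list) -> list:
    return [c for c in candidates if consistent_with_transcript(card, tu, c2, c)]

if __name__ == "__main__":
    x = secrets.token_bytes(BLOCK)               # server secret; the check never uses it
    card = register(x, "alice", 0, "tiger42")    # constructed sample user
    tu = 1365000000                              # constructed timestamp
    c2 = login_c2(card, "tiger42", tu)
    print(server_accepts(x, "alice", 0, tu, c2))
    print(matching_candidates(card, tu, c2, ["123456", "letmein", "tiger42"]))
```

The check never touches the server key x, which is the design flaw the improved scheme sets out to remove: the card holds everything except the password itself.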
A. Registration phase

Step 1: The user U chooses a password and then submits the registration messages (ID, h(PWD)) to the remote server S via a secure channel.

Step 2: When S receives the registration messages from U, S first generates a nonce Ns and uses ID and h(PWD) to compute three values P, R and V:

P = h(x) ⊕ (ID || Ns) (24)
V = h(ID || h(x || Ns)) (25)
R = h(x || Ns) ⊕ h(PWD) (26)

Afterward, S issues the smart card with parameters P, R, V and h(·) to U through a secure channel.

B. Login phase

If U wants to log in to S, he or she first inserts his or her own smart card into a card reader or the terminal. Then, U enters his or her ID and PWD. The smart card performs the following steps:

Step 1: The smart card uses PWD and R to compute a value h(x || Ns) and calculates V′ to compare with V:

h(x || Ns) = R ⊕ h(PWD) (27)
V′ = h(ID || h(x || Ns)) (28)
V′ =? V (29)

If Eq. (29) holds, the smart card generates a nonce Nu and computes messages C1 and C2; otherwise, the login request is rejected:

C1 = R ⊕ h(PWD) ⊕ Nu (30)
C2 = h(h(ID) || Nu) (31)

Step 2: Finally, the smart card sends the login request messages (P, C1, C2) to S.

C. Authentication phase

Upon receiving the login request (P, C1, C2), S has to perform the following steps to authenticate U:

Step 1: S uses the received value P and its secret key x to obtain ID and Ns:

(ID || Ns) = P ⊕ h(x) (32)

Afterward, S computes Nu to check whether the authentication message C2 is valid or not:

Nu = C1 ⊕ h(x || Ns) (33)
h(h(ID) || Nu) =? C2 (34)

If Eq. (34) holds, S confirms that U is a legal user and responds with a message C3 to U:

C3 = h(ID || Nu) (35)

Otherwise, S rejects the login request.

Step 2: When receiving the response C3, U first verifies whether the message is valid or not:

h(ID || Nu) =? C3 (36)

If Eq. (36) holds, U confirms that S is valid. Therefore, U and S can correctly authenticate each other.

D. Password change phase

In this phase, if U wants to change his or her password, he or she will perform the following steps:

Step 1: U inserts his or her smart card into a card reader or the terminal, and then enters the ID and the original PWD.
Step 2: According to Eqs. (28) and (29), the smart card examines the validity of ID and PWD and compares V′ with the stored V. If this holds, U is allowed to key in a new password PWDnew; otherwise, the smart card rejects the password change request.

Step 3: The smart card calculates the new R:

Rnew = R ⊕ h(PWD) ⊕ h(PWDnew) = h(x || Ns) ⊕ h(PWDnew) (37)

and replaces the old value R with the new R. Thus, the password has been successfully changed without the participation of the remote server S.

V. SECURITY ANALYSIS

In this section, we discuss the security of our improved scheme and demonstrate how it is more secure than previous schemes.

A. Mutual authentication

In our improved scheme, the server authenticates the user by checking the message C2. If the server's computed value h(h(ID) || Nu) is equal to C2, the server has proof that the user is valid. Then, the server sends message C3 to the user. The user also compares C3 with his or her computed value h(ID || Nu). If both of them are equal, the user confirms that the server is legitimate. Since the secret value h(x || Ns) is shared between user and server, they can authenticate each other with the login messages (P, C1, C2) and the reply message C3. Hence, mutual authentication is achieved in our improved scheme.

B. Smart card lost

According to our improved scheme, if an attacker A somehow obtains a legal user U's smart card, A cannot obtain any parameter without the user's password; even if A extracts the parameters P, R, and V (see Eqs. (24)-(26)) from the smart card, A still cannot obtain any sensitive information (such as ID, PWD, Ns or the server's secret key x) from those parameters. Notably, A does not know U's correct password, and each parameter of the smart card is always protected by two unknown factors. Therefore, no one can use the stolen smart card to obtain authentication without U's correct password and identity.

C. Password guessing attacks

This situation involves an attacker A obtaining U's smart card and intercepting previous messages. In this case, A intends to guess U's PWD from the stored parameter R of the smart card and must know the secret key x and the nonce Ns to compute similar parameters for comparison with parameter R. On the other hand, A can use R and the intercepted P to compute similar messages (P, C1, C2) and send them to S in an attempt to guess U's PWD. As A has two unknown values, ID and PWD, it is difficult to successfully complete this password guessing attack.

D. Replay attack

In our improved scheme, we use a nonce mechanism to prevent the replay attack and to solve the synchronization problem. When an attacker intends to replay the previous messages (P, C1, C2) to achieve authentication, they cannot, as the nonce value Nu is different in each session. For this reason, the attacker cannot achieve authentication using previous messages.

VI. PERFORMANCE ANALYSIS

Recent researchers [6, 20] have generally considered only one unknown factor for each parameter; this is why their schemes were compromised and have become susceptible to various attacks. However, our improved scheme always involves two unknown factors within each communication to meet more stringent security requirements. It can be clearly observed that our scheme is more secure than those proposed by others. Generally speaking, the computation cost of our scheme is comparable to that of Hsiang and Shih's scheme. However, our scheme can defend against all of the attacks discussed herein more effectively than all previous attempts. We compare the security requirements and computation costs with Hsiang and Shih's scheme in Tables 1 and 2, respectively.

VII. CONCLUSIONS

In this paper, we have proposed an improved scheme that consistently protects each secret parameter with two unknown factors in the smart card; thus, an attacker cannot obtain any sensitive information, even if he or she is a malicious legal user. Most notably, our scheme not only addresses more stringent security requirements and protects against known types of attacks, it also reduces computation costs more effectively than Hsiang and Shih's scheme. Therefore, our scheme holds substantial value in the context of numerous applications in various network environments.

Table 1. Security comparison between other related research and ours

| Security requirement | Yoon et al.'s scheme [20] | Hsiang and Shih's scheme [6] | Ours |
| Mutual authentication | Yes | Yes | Yes |
| Solve clock synchronization problem | No | No | Yes |
| Solve smart card lost problem | No | No | Yes |
| Prevention of undetectable online password guessing attacks | No | No | Yes |
| Prevention of offline password guessing attacks | No | No | Yes |
| Prevention of replay attacks | No | No | Yes |

Table 2. Performance comparison between other related research and ours (H: hash operations, Xor: exclusive-OR operations)

| Phase | Yoon et al.'s scheme [20] | Hsiang and Shih's scheme [6] | Ours |
| Registration phase | 2H + 3Xor | 4H + 4Xor | 4H + 2Xor |
| Login and authentication phase | 6H + 7Xor | 8H + 7Xor | 10H + 4Xor |
| Password change phase | 6H + 6Xor | 6H + 6Xor | 3H + 2Xor |
| Total | 14H + 16Xor | 18H + 17Xor | 17H + 8Xor |
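The four phases of the improved scheme in Section IV with both sides of the exchange, Eqs. (24)-(37), as an added example that is not the authors' code. SHA-256 as h(·), 16-byte ID and Ns fields (so that ID || Ns has the same length as h(x)), a 32-byte Nu, and the function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

N = 16  # assumption: ID and Ns are 16-byte fields, so ID || Ns matches h(x) (32 bytes)

def h(*parts: bytes) -> bytes:
    """One-way hash of the concatenation of its arguments (SHA-256 assumed)."""
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(i ^ j for i, j in zip(a, b))

def field(user_id: str) -> bytes:
    raw = user_id.encode()
    if len(raw) > N:
        raise ValueError("ID too long for the assumed field width")
    return raw.ljust(N, b"\0")

class Server:
    def __init__(self):
        self.x = secrets.token_bytes(32)                      # server secret key x

    def register(self, user_id: str, h_pwd: bytes) -> dict:
        ns = secrets.token_bytes(N)
        k = h(self.x, ns)                                     # h(x || Ns)
        return {"P": xor(h(self.x), field(user_id) + ns),     # Eq. (24)
                "V": h(field(user_id), k),                    # Eq. (25)
                "R": xor(k, h_pwd)}                           # Eq. (26)

    def authenticate(self, p: bytes, c1: bytes, c2: bytes):
        id_ns = xor(p, h(self.x))                             # Eq. (32)
        uid, ns = id_ns[:N], id_ns[N:]
        nu = xor(c1, h(self.x, ns))                           # Eq. (33)
        if not hmac.compare_digest(h(h(uid), nu), c2):        # Eq. (34)
            return None
        return h(uid, nu)                                     # Eq. (35): C3

def card_unlock(card: dict, user_id: str, pwd: str):
    """Eqs. (27)-(29): recover h(x || Ns) from R and check it against V."""
    k = xor(card["R"], h(pwd.encode()))
    return k if hmac.compare_digest(h(field(user_id), k), card["V"]) else None

def card_login(card: dict, user_id: str, pwd: str):
    k = card_unlock(card, user_id, pwd)
    if k is None:
        return None                                           # card rejects the login
    nu = secrets.token_bytes(32)
    c1 = xor(k, nu)                                           # Eq. (30): R xor h(PWD) xor Nu
    c2 = h(h(field(user_id)), nu)                             # Eq. (31)
    return (card["P"], c1, c2), nu

def card_accepts_server(user_id: str, nu: bytes, c3) -> bool:
    return c3 is not None and hmac.compare_digest(h(field(user_id), nu), c3)  # Eq. (36)

def card_change_password(card: dict, user_id: str, old_pwd: str, new_pwd: str) -> bool:
    k = card_unlock(card, user_id, old_pwd)
    if k is None:
        return False
    card["R"] = xor(k, h(new_pwd.encode()))                   # Eq. (37), no server involved
    return True

if __name__ == "__main__":
    server = Server()
    card = server.register("alice", h(b"old-pass"))           # constructed sample user
    request, nu = card_login(card, "alice", "old-pass")
    print(card_accepts_server("alice", nu, server.authenticate(*request)))
```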
REFERENCES

[1] A. K. Awasthi, and S. Lal, “A remote user authentication scheme using smart cards with forward secrecy,” IEEE Transactions on Consumer Electronics, Vol. 49, No. 4, pp. 1246-1248, 2003.
[2] C. Chang, and K. F. Hwang, “Some forgery attacks on a remote user authentication scheme using smart cards,” Informatics, Vol. 14, No. 3, pp. 289-294, 2003.
[3] H. Y. Chien, and C. H. Chen, “A remote authentication scheme preserving user anonymity,” In: Proceedings of the 19th International Conference on Advanced Information Networking and Applications, pp. 245-248, 2005.
[4] Y. Ding, and P. Horster, “Undetectable on-line password guessing attacks,” ACM SIGOPS Operating Systems Review, Vol. 29, No. 4, pp. 77-86, 1995.
[5] X. Duan, J. W. Liu, and Q. Zhang, “Security improvement on Chien et al.’s remote user authentication scheme using smart cards,” In: Proceedings of the IEEE International Conference on Computational Intelligence and Security, pp. 1133-1135, 2006.
[6] H. C. Hsiang, and W. K. Shih, “Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards,” Computer Communications, Vol. 32, No. 4, pp. 649-652, 2009.
[7] M. S. Hwang, S. K. Chong, and T. Y. Chen, “DoS-resistant ID-based password authentication scheme using smart cards,” Journal of Systems and Software, Vol. 83, No. 1, pp. 163-172, 2010.
[8] M. S. Hwang, C. C. Lee, and Y. L. Tang, “A simple remote user authentication scheme,” Mathematical and Computer Modelling, Vol. 36, No. 1-2, pp. 103-107, 2002.
[9] M. S. Hwang, and L. H. Li, “A new remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, 2000.
[10] T. Hwang, Y. Chen, and C. S. Laih, “Non-interactive password authentication without password tables,” In: Proceedings of IEEE Region 10 Conference on Computer and Communication Systems, pp. 429-431, 1990.
[11] P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” In: Advances in Cryptology: Proceedings of CRYPTO 99, LNCS 1666, pp. 388-397, 1999.
[12] W. C. Ku, and S. M. Chen, “Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, pp. 204-207, 2004.
[13] L. Lamport, “Password authentication with insecure communication,” ACM Communications, Vol. 24, No. 11, pp. 770-772, 1981.
[14] C. C. Lee, M. S. Hwang, and W. P. Yang, “A flexible remote user authentication scheme using smart cards,” ACM Operating Systems Review, Vol. 36, No. 3, pp. 46-52, 2002.
[15] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smartcard security under the threat of power analysis attacks,” IEEE Transactions on Computers, Vol. 51, No. 5, pp. 541-552, 2002.
[16] M. Misbahuddin, M. A. Ahmed, and M. H. Shastri, “A simple and efficient solution to remote user authentication using smart cards,” Innovations in Information Technology, pp. 1-5, 2006.
[17] H. M. Sun, “An efficient remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, pp. 958-961, 2000.
[18] J. J. Shen, C. W. Lin, and M. S. Hwang, “A modified remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 49, No. 2, pp. 414-416, 2003.
[19] Natasa Zivic, “Soft Verification of Message Authentication Codes,” International Journal of Electronics and Communication Engineering & Technology (IJECET), Volume 3, Issue 1, 2012, pp. 262-285, ISSN Print: 0976-6464, ISSN Online: 0976-6472.
[20] Revathi Venkataraman, K. Sornalakshmi, M. Pushpalatha, T. Rama Rao, “Implementation of Authentication and Confidentiality in Wireless Sensor Network,” International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 2, 2012, pp. 553-560, ISSN Print: 0976-6367, ISSN Online: 0976-6375.
